[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_exec.so with setuid root binary



Hello,

I am using pam_exec.so with a setuid and setgid root binary because my binary calls other programs (like lvcreate, mkfs on the new logical volume and chown on the mountpoint of mounted logical volume) that need root access to be successful and because the authenticating service itself does not run as root.

But I was not successful so far to implement the desired features, because at least lvcreate needs the real uid (not only the effective uid) be 0 to perform its task and because, though my binary changes the real ids successfully with setuid() and setgid() when called from the command line, this does not work with pam_exec, so that the real ids stay to be those from the authenticating service. In both cases, at program start, that is before setuid() and setgid(), the real ids

What can I do to solve that? It surprises me that one case does work and the other does not, although at program start, that is before setuid() and setgid(), the real ids are those of the authenticating service and effective and saved ids are 0 in the two cases.

Regards
  Christoph


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]